<?php
    include '../../core/database.php';
    
    $act        = $_POST['act'];
    $username   = $_POST['username'];
    $password   = md5($_POST['password']);
    $user_id    = '';
    
    if($act == "login"){
        $res = mysql_fetch_row(mysql_query("   SELECT  `id`
                                               FROM    `users` 
                                               WHERE   `username` = '$username' AND `password` = '$password'   "));
        
        if($res[0] != ''){
            echo "true";            
            $_SESSION['user'] = $res[0];
        }else {
            echo "false";
        }
    }
    
    if($_SESSION['user'] == ''){
        header('Location: ../index.php');
    }else{
        $user_id = $_SESSION['user'];
    }
    
?>